
Files Date: 2015-12-17

Joomla HTTP Header Unauthenticated Remote Code Execution
Posted Dec 17, 2015
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it is possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.

tags | exploit, remote, php, code execution
systems | linux, debian, ubuntu
advisories | CVE-2015-8562
MD5 | b5d38a9b93d1455d69a69b275bc5eed0
Gentoo QEMU Local Privilege Escalation
Posted Dec 17, 2015
Authored by zx2c4

Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAP_CHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This exploit should spawn a root shell, eventually, on vulnerable systems.

tags | exploit, shell, root
advisories | CVE-2015-8556
MD5 | e37a54d0b5f93a8c1e4770a98e1e8cb2
EMC Isilon OneFS Security Privilege Escalation
Posted Dec 17, 2015
Site emc.com

EMC Isilon OneFS contains a privilege escalation vulnerability when SmartLock compliance mode is in use. In SmartLock compliance mode, the system is designed to prevent root-level user logins to the system. However, this security vulnerability allows OneFS users with administrative privileges to create root-level users and log in to the system.

tags | advisory, root
advisories | CVE-2015-4545
MD5 | 59239631907846a59eeadae966555a66
Apache Camel Java Object Deserialization
Posted Dec 17, 2015
Authored by Claus Ibsen

Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialization vulnerability.

tags | advisory, java
advisories | CVE-2015-5348
MD5 | b707a9ea9d657282690a08b476eca23e
Gentoo Linux Security Advisory 201512-02
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-2 - A vulnerability in IPython could result in execution of arbitrary JavaScript. Versions less than 3.2.1-r1 are affected.

tags | advisory, arbitrary, javascript
systems | linux, gentoo
advisories | CVE-2015-7337
MD5 | 754c75db9b011f47fe690e36da4b842d
Red Hat Security Advisory 2015-2665-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2665-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.106, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-6792
MD5 | 06a1b451c1584c187ae99e0fed1235a3
Gentoo Linux Security Advisory 201512-01
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-1 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.72-r2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3294
MD5 | 950c268ebbf521340ca1f2a19c499dcd
Ubuntu Security Notice USN-2840-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872
MD5 | e4694cf15f8f391f0076fb969da04709
Ubuntu Security Notice USN-2843-3
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-3 - 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885
MD5 | 11a5b485f285216e76344613a24ca9fe
Ubuntu Security Notice USN-2843-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
MD5 | 5ef086dfacfeec593fa933b5f7aec168
Red Hat Security Advisory 2015-2666-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2666-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-3281
MD5 | a2bb046a53076579f6625ed715e91f6b
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
MD5 | a7e4a15823312e399086ef314ec3caab
OLE DB Provider For Oracle DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object, Windows will try to load the DLLs oci.dll and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary, vulnerability
systems | windows
MD5 | 817be27f1b246862cc17bca380a4b9e0
Shockwave Flash Object DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
MD5 | ab2a208b77ac707010bcb2c6f2349739
Shutdown UX DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132
MD5 | 250302a304fe707eea949c338cc15332
PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service
advisories | CVE-2015-8549
MD5 | d27e2dac83345eabf472e84ed7130b4a
Easy File Sharing Web Server 7.2 GET SEH Buffer Overflow
Posted Dec 17, 2015
Authored by ArminCyber

Easy File Sharing web server version 7.2 GET HTTP request SEH buffer overflow exploit.

tags | exploit, web, overflow
MD5 | 46cd7712f0b19376307cb5f22d064d0f
Easy File Sharing Web Server 7.2 HEAD SEH Buffer Overflow
Posted Dec 17, 2015
Authored by ArminCyber

Easy File Sharing web server version 7.2 HEAD HTTP request SEH buffer overflow exploit.

tags | exploit, web, overflow
MD5 | fa1f7303e2677ed3dfc76dc5890f615f
Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7507, CVE-2015-7508
MD5 | d6850e283e3ea6faf482991791566c90
Zen Cart 1.5.4 Local File Inclusion
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-8352
MD5 | 45b82388e05f7d07430cc61551c74a0e
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

orion.extfeedbackform Bitrix module version 2.1.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-8355
MD5 | 63709eb27e174b82340d6dfa7352bfa3
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7505, CVE-2015-7506
MD5 | 1009b65ab8d34ba81c0ece2efa9ec291
UserCake 1.3 Cross Site Scripting / Information Disclosure
Posted Dec 17, 2015
Authored by indoushka

UserCake version 1.3 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | c437a33fb4dccdbf8b9bcca8da878d9d
Tweet Nest 0.8 Open Redirect
Posted Dec 17, 2015
Authored by indoushka

Tweet Nest version 0.8 suffers from an open redirection vulnerability.

tags | exploit
MD5 | a182b8d6966ff85fa44e6b9626708906
WordPress Google Adsense 1.29 Cross Site Scripting
Posted Dec 17, 2015
Authored by Madhu Akula

WordPress Google Adsense plugin version 1.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3f1cb52ea4e7c7890d093dbcda073818

© 2016 Packet Storm. All rights reserved.